The Iranian-backed MuddyWater cyber-espionage group has been continuously upgrading and improving its tools. The group's POWERSTATS backdoor is dropped on already compromised machines during the later stages of its attacks. An updated version of the backdoor, dubbed PowerSTATS v3, is used during the second stage of the infection process. This second stage is delivered from compromised servers controlled by the group and is deployed only to machines that the group considers interesting. Threat intelligence experts know MuddyWater to mainly target Middle Eastern entities.
Source: https://www.bleepingcomputer.com/news/security/muddywater-updates-powerstats-backdoor-for-multi-stage-attacks/